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IN THE CLAIMS 

1. (Original) A graphical user interface for representing and facilitating user 
manipulation of access control settings for a resource comprising: 

one or more display regions for graphical representations of access control 
settings for the resource which result from transformations applied to the 
structured data which defines the access control settings for the resource; 
and 

one or more display regions for representation of the resource; 

wherein thn set of display regions for representations of the settings and the 
display region for representation of the resource appear to the operator as in 
an integrated graphical user interface. 

2* (Original) The graphical user interface of claim 1, wherein one or more 
functions modify the spatial layout of the display regions. 

3. (Original) The graphical user interface of claim 1 f wherein one or more 
functions modify the number of the display regions. 

4. (Original) The graphical user interface of claim 1, wherein one or more 
functions modify the transformations that are applied to the structured data. 

5. (Original) The graphical user interface of claim 1, wherein a user is graphically 
represented by a display element comprising, at least in part, a likeness of the 
user. 

6. (Original) The graphical user interface of claim 5, wherein the likeness 
comprises, at least in part, a digital photograph, processed by a method including 
at least one step selected from the set of: adjusting image color saturation toward 



PAGE 9119 1 RCVD AT 1/28/2005 1 1 :52:49 AM [Eastern Standard Time] * SWJQEMW DNISOT06 • CSID:61 05663660 1 DURATION (mm-ss):09-30 



01/27/2085 23:52 6105663660 



LIPTQN, WEINBERGER 



PAGE 10 



PATENT 
Appln. No. 10/802,658 
Filing Date: 3/17/2004 

a predetermined target saturation level; converting to grayscale; adjusting Image 
brightness toward a predetermined target brightness level; adjusting image 
contrast toward a predetermined target contrast level; 

adjusting image sharpness toward a predetermined target sharpness level; and 
masking with a shape selected from a set comprising ovals and outlines of a bust. 

7. {Currently Amended) The graphical user interface of claim 1, wherein the set 
of display regions further comprises: 

a display isgion for a graphical representation of a set of groups ond users 
groups, usars gnd roles and their respective access privileges as defined by 
existing structured data for the resource; and 

a display region for a graphical representation of the result of transforming 
the set of groups and users and their respective access privileges into a 
corresponding set of Individual users only and their respective effective 
access privileges. 

8. (Original) The graphical user interface of claim 1, further comprising a first 
display region for a graphical representation of at least one set of known users and 
groups, wherein the operator can designate indicia for the known users and 
groups and visually associate the designated Indicia with a second display region 
to change the structured data which defines the access control settings for the 
resource. 

9. (Original) The graphical user interface of claim 8, wherein the first display 
region is reduced in size until activated by the user, and the first display region is 
increased in size upon activation. 

10. (Original) A graphical user interface for representing access log information 
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and access control settings for a resource, wherein at (east one display region 
contains a graphical representation of a set comprising one or more individual 
users, and wherein each of the individual users is graphically represented by a 
visual element which comprises: 

the identity of the individual user having read privilege for the resource; and 
a differing visual element for indicating that the user has write privilege for 
the resource; and one or more of the following visual elements: 

the time of the most recent read access by the user to the resource; 

the time of the most recent write access by the user to the resource; 

indication whether the most recent write access by the user to the resource 
is the most recent write access by any user to the resource; 

Indication whether the most recent read access by the user to the resource 
has been before the most recent write access by any user to the resource; 

indication whether the most recent read access by the user to the resource 
has been since the most recent write access by any user to the resource; 
and 

indication whether the user currently is without read privilege for the 
resource. 

1 1 . (Original) The graphical user interface of claim 10, wherein the set of 
individual users consists of: the set of users who have any access privilege at all 
for the resource; and the set of users who have accessed the resource in the past 
although they currently are without any access privilege for the resource. 

12. (Original) The graphical user interface of claim 10, further comprising a 
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display region for a representation of the resource, wherein the display region for 
representation of the set of users and the display region for representation of the 
resource appear to the operator as an integrated graphical user interface. 

13. (Original) A graphical user interface for representing access privileges for a 
user for one or more member resources in a collection of resources, wherein at 
least one display region contains a navigable structured graphical representation of 
the collection of resources, and wherein each member resource is graphically 
represented by a visual element which identifies the resource and which, by 
applying a predetermined set of steps, indicates the user's effective access 
privileges for the resource by variations in at least one appearance parameter 
selected from the set comprising; indicative icons; color; transparency; height; 
width; and font parameters, and wherein in the visual element representing the 
resource can be designated by the operator, regardless of variations in 
appearance, and wherein dynamic graphic feedback for a visual element 
designated by the operator indicates information comprising the identity of the 
selected resource; and dynamic graphical feedback for a resource approached for 
being designated by the operator indicates information comprising the identity of 
the approached resource, 

14. (Original) The graphical user interface of claim 13, wherein the collection of 
resources is organized as a hierarchy of resources and the navigable structured 
graphical representation is a graphical tree. 

15. (Original) The graphical user interface of claim 13, wherein the collection of 
resources is a set of resources and the navigable structured graphical 
representation is a table view. 

16. (Original) The graphical user interface of claim 13, wherein the variations in 
appearance comprise a reduction in height for each resource for which the user is 
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without any access privilege and the dynamic graphical feedback comprises using 
regular height for indicating identity* 

17. (Original) A graphical user interface for representing a set of a variable 
number of items in limited display space comprising: a visible region, a virtual 
plane, and overflow indicators, wherein each of the represented items is 
graphically represented by a predetermined visual element; each of the visual 
elements is positioned in the virtual plane; the virtual plane is masked by the 
visible region, permitting display of only a part of the virtual plane; the overflow 
indicators are located inside the visible region; the overflow indicators are located 
near such edges of the visible region beyond which more of the item displays are 
not visible; the number of overflow indicators is zero in case all of the item 
displays fit inside the visible region; a plurality of functions are implemented which 
change the position of the virtual plane relative to the visible region; a context 
dependent subset of the functions is available for selection by the operator for 
immediate and subsequent use; the visible region remains constant in size and 
Shape, even when the number and locations of the overflow indicators are 
changing; and the overflow indicators are graphically represented by using at least 
one method selected from the group of transparency, color change, saturation 
change, brightness change and anti-aliasing, whereby there is a smooth transition 
between the appearance of the user interface when all items fit and the 
appearance when there is overflow. 

18. (Original) The graphical user interface of claim 17, wherein the item displays 
are predominantly of low color saturation; and the overflow indicators are of 
distinctively higher color saturation, whereby the operator is visually alerted in 
case there is overflow. 

19. (Original) The graphical user interface of claim 17, wherein the overflow 
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indicators near an edge of the visible region by variations in their graphical 
appearance convey information about the number of the item displays which are 
not visible. 

20. (Original) The graphical user interface of claim 17, wherein the represented 
items are entities that have access privileges for a resource. 

21 . (Currently Amended) A user interface for representing and manipulating 
access control settings for a resource, comprising structured data representing 
access control settings for usors re l ated to the resource, and stored executable 
macros for invoking steps to manipulate the structured data, wherein the 
structured data also contains data that results from expansion of one or more of 
the macros. 

22. (Currently Amended) A method for controlling access to one or more 
elements from a document encoded in a markup language, comprising the steps 
Of: 

(a) determining the identity of a user attempting to access the document; 

(b) processing the document by roouf ei ve l y 

(1) parsing e ach o l omont elements of the document, comprising an evaluation 

of access control function attributes which may be present within an element 
using attribute values that reference resources to determine access privileges of 
the determined user for the referenced resources; and 

(2) permitting or denying access to the element based on the determined 
access privileges. 
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23. (Original) The method of claim 22, comprising the additional step of creating 
copies of the encoded documents and transmitting the copies to the accessing 
user, wherein the original encoded documents are not modified by the processing 
step. 

24. (Original) A method for access control to resources wherein the step of 
permitting access to a resource comprises evaluation of whether a user has the 
right to access a resource that references the requested resource, and is currently 
accessing the referencing resource, and if so, permitting access to the requested 
resource. 

25. (Original) A system for access control for resources in a branching hierarchy 
of resources, comprising structured data that defines access control settings for a 
resource which may optionally contain references to other resources within the 
hierarchy of resources; wherein access control settings of the referenced other 
resources are merged by a predetermined algorithm with the structured data to 
determine effective access control settings. 

26. (Original) The system of claim 25, wherein the predetermined algorithm 
performs unions of sets of entities which make up the access control settings of 
the referenced other resources and corresponding sets of entities which are 
defined by the structured data. 
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27. (Original) The system of claim 25, wherein inheritance within the hierarchy of 
resources defines access control settings for a resource for which there is no 
directly defining structured data, and a plurality of inheriting resources can share a 
single instance of defining structured data. 
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